West County Media // News

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.8.1 and earlier are affected by these security issues:

$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco

A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.

A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.

While there haven’t been any major events or big new developments in the WordPress world this past month, a lot of work has gone into developing a sustainable future for the project. Read on to find out more about this and other interesting news from around the WordPress world in August.

The Global WordPress Translation Day Returns

On September 30, the WordPress Polyglots team will be holding the third Global WordPress Translation Day. This is a 24-hour global event dedicated to the translation of the WordPress ecosystem (core, themes, plugins), and is a mix of physical, in-person translation work with online streaming of talks from WordPress translators all over the world.

Meetup groups will be holding events where community members will come together to translate WordPress. To get involved in this worldwide event, join your local meetup group or, if one is not already taking place in your area, organize one for your community.

WordPress Foundation to Run Open Source Training Worldwide

The WordPress Foundation is a non-profit organization that exists to provide educational events and resources for hackathons, support of the open web, and promotion of diversity in the global open source community.

In an effort to push these goals forward, the Foundation is going to be offering assistance to communities who would like to run local open source training workshops. A number of organizers have applied to be a part of this initiative, and the Foundation will be selecting two communities in the coming weeks.

Next Steps in WordPress Core’s PHP Focus

After last month’s push to focus on WordPress core’s PHP development, a number of new initiatives have been proposed and implemented. The first of these initiatives is a page on WordPress.org that will educate users on the benefits of upgrading PHP. The page and its implementation are still in development, so you can follow and contribute on GitHub.

Along with this, plugin developers are now able to specify the minimum required PHP version for their plugins. This version will then be displayed on the Plugin Directory page, but it will not (yet) prevent users from installing it.

The next evolution of this is for the minimum PHP requirement to be enforced so that plugins will only work if that requirement is met. You can assist with this implementation by contributing your input or a patch on the open ticket.

As always, discussions around the implementation of PHP in WordPress core are done in the #core-php channel in the Making WordPress Slack group.

New Editor Development Continues

For a few months now, the core team has been steadily working on Gutenberg, the new editor for WordPress core. While Gutenberg is still in development and is some time away from being ready, a huge amount of progress has already been made. In fact, v1.0.0 of Gutenberg was released this week.

Laura’s thought provoking collage art will be on display throughout the month of September 2017 at Fogbelt Brewing Co. in Santa Rosa, CA

Laura is hosting an open-to-the-public Artist Reception at Fogbelt on Sunday, September 10th, 2017 at 2:00pm. We welcome you to stop by to enjoy Laura’s inspiring works, and a tasty artisan treat from Fogbelt.

After over 13 million downloads of WordPress 4.8, we are pleased to announce the immediate availability of WordPress 4.8.1, a maintenance release.

This release contains 29 maintenance fixes and enhancements, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget. For a full list of changes, consult the release notes, the tickets closed, and the list of changes.

After a particularly busy month in June, things settled down a bit in the WordPress world — WordPress 4.8’s release went very smoothly, allowing the Core team to build up some of the community infrastructure around development. Read on for more interesting news from around the WordPress world in July.

Weekly meeting for new core contributors

Onboarding new contributors is a persistent issue for most WordPress contribution teams. While every team welcomes any new contributors, the path to getting deeply involved can be tricky to find at times.

This month, the Core team implemented a fantastic new initiative: weekly meetings for new core contributors as a way to encourage involvement and foster fresh contributions. The meetings not only focus on bugs suited to first-time contributors, they also make space for experienced contributors to help out individuals who may be new to developing WordPress core.

Sharp rise in meetup group growth

The dashboard events widget in WordPress 4.8 displays local, upcoming WordPress events for the logged in user. The events listed in this widget are pulled from the meetup chapter program, as well as the WordCamp schedule.

This widget provides greater visibility of official WordPress events, and encourages community involvement in these events. It’s safe to say that the widget has achieved its goals admirably — since WordPress 4.8 was released a little over a month ago, 31 new meetup groups have been formed with 15,647 new members across the whole program. This is compared to 19 new groups and only 7,071 new members in the same time period last year.

WordPress 4.8.1 due for imminent release

WordPress 4.8 cycle’s first maintenance release will be published in the coming week, more than a month after 4.8 was released. This release fix some important issues in WordPress core and the majority of users will find that their sites will update to this new version automatically.

We’re starting a new regular feature on this blog today. We’d like to keep everyone up-to-date about the happenings all across the WordPress open source project and highlight how you can get involved, so we’ll be posting a roundup of all the major WordPress news at the end of every month.

Aside from other general news, the three big events in June were the release of WordPress 4.8, WordCamp Europe 2017, and the WordPress Community Summit. Read on to hear more about these as well as other interesting stories from around the WordPress world.

WordPress 4.8

On June 8, a week before the Community Summit and WordCamp Europe, WordPress 4.8 was released.You can read the Field Guide for a comprehensive overview of all the features of this release (the News and Events widget in the dashboard is one of the major highlights).

Most people would either have their version auto-updated, or their hosts would have updated it for them. For the rest, the updates have gone smoothly with no major issues reported so far.

WordCamp Europe exists to bring together the WordPress community from all over the continent, as well as to inspire local communities everywhere to get their own events going — to that end, the event was a great success, as a host of new meetup groups have popped up in the weeks following WordCamp Europe.

The work that Contributor Day participants accomplished was both varied and valuable, covering all aspects of the WordPress project — have a look through the Make blogs for updates from each team.

WordPress Community Summit

The fourth WordPress Community Summit took place during the two days leading up to WordCamp Europe 2017. This event is an invite-only unconference where people from all over the WordPress community come together to discuss some of the more difficult issues in the community, as well as to make plans for the year ahead in each of the contribution teams.

As the Summit is designed to be a safe space for all attendees, the notes from each discussion are in the process of being anonymized before we publish them on the Summit blog (so stay tuned – they’ll show up there over the next few weeks).

You can already see the final list of topics that were proposed for the event here (although a few more were added during the course of the two day Summit).

WordPress marketing push continues apace

As part of the push to be more intentional in marketing WordPress (as per Matt Mullenweg’s 2016 State of the Word), the Marketing team has launched two significant drives to obtain more information about who uses WordPress and how that information can shape their outreach and messaging efforts.

The team is looking for WordPress case studies and is asking users, agencies, and freelancers to take a WordPress usage survey. This will go a long way towards establishing a marketing base for WordPress as a platform and as a community — and many people in the community are looking forward to seeing this area develop further.

To get involved in the WordPress Marketing team, you can visit their team blog.

New Gutenberg editor available for testing

For some time now, the Core team has been hard at work on a brand-new text editor for WordPress — this project has been dubbed “Gutenberg.” The project’s ultimate goal is to replace the existing TinyMCE editor, but for now it is in beta and available for public testing — you can download it here as a plugin and install it on any WordPress site.

This feature is still in beta, so we don’t recommend using it on a production site. If you test it out, though, you’ll find that it is a wholly different experience to what you are used to in WordPress. It’s a more streamlined, altogether cleaner approach to the text-editing experience than we’ve had before, and something that many people are understandably excited about. Matt Mullenweg discussed the purpose of Gutenberg in more detail during his Q&A at WordCamp Europe.

There are already a few reviews out from Brian Jackson at Kinsta, Aaron Jorbin, and Matt Cromwell (among many others). Keep in mind that the project is in constant evolution at this stage; when it eventually lands in WordPress core (probably in v5.0), it could look very different from its current iteration — that’s what makes this beta stage and user testing so important.

If you’re interested in contributing specifically to the JavaScript or PHP areas of the WordPress core codebase, then the new #core-js and #core-php channels in the Making WordPress Slack group are perfect for you.

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.

RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.8 on Thursday, June 8, but we need your help to get there. If you haven’t tested 4.8 yet, now is the time!

Developers, please test your plugins and themes against WordPress 4.8 and update your plugin’s Tested up to version in the readme to 4.8. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release – we work hard to avoid breaking things. An in-depth field guide to developer-focused changes is coming soon on the core development blog.